FIrefox ESR 17.0.7 is not updating when told to update.

RESOLVED INVALID

Status

AUS Graveyard
General
RESOLVED INVALID
4 years ago
4 years ago

People

(Reporter: Joe Rauch, Unassigned)

Tracking

x86_64
Windows 7

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [bugday-20140804])

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
Created attachment 8464719 [details]
FirefoxESR17.0.7Updates.png

User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)

Steps to reproduce:

Opened Firefox ESR 17.0.7
Clicked Help-> About
Clicked "Check for Updates" (You are currently on the esr update channel.)
Firefox the About Window says "Firefox is up to date."


Actual results:

Opened Firefox ESR 17.0.7
Clicked Help-> About
Clicked "Check for Updates" (You are currently on the esr update channel.)
Firefox the About Window says "Firefox is up to date."


Expected results:

Opened Firefox ESR 17.0.7
Clicked Help-> About
Clicked "Check for Updates" (You are currently on the esr update channel.)

Firefox would have downloaded the most recent version of ESR.

Comment 1

4 years ago
Thank you for the report.

Please try the steps described by Nick Thomas in bug 939468 comment 6.
Component: Untriaged → General
Flags: needinfo?(joe.rauch)
Product: Firefox → AUS
Whiteboard: [bugday-20140804]
Version: 17 Branch → 3.0
(Reporter)

Comment 2

4 years ago
In regards to Bug 939468 Comment 6...here is how one would accomplish those steps for version 17.0.7.

Type "about:config" in to the location bar
Search for "app.update.log"
Double click "app.update.log" so that the Boolean value is set to "True"
Open the Error Console: Tools -> Web Developer -> Error Console
In the Error Console, press the clear button.
Check for Updates: Help -> About Firefox -> Check for Updates
Copy and paste, in to the bug report, all Error Console entries that begin with "AUS:SVC"


Here are my Error Console Entries:
AUS:SVC Checker:getUpdateURL - update URL: https://aus3.mozilla.org/update/3/Firefox/17.0.7/20130618114625/WINNT_x86-msvc/en-US/esr/Windows_NT%206.1.1.0%20(x64)/default/default/update.xml?force=1

AUS:SVC Checker:checkForUpdates - sending request to: https://aus3.mozilla.org/update/3/Firefox/17.0.7/20130618114625/WINNT_x86-msvc/en-US/esr/Windows_NT%206.1.1.0%20(x64)/default/default/update.xml?force=1

aus3.mozilla.org:443 uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)

AUS:SVC Checker:onError - request.status: 2153390067


AUS:SVC getStatusTextFromCode - transfer error: Update XML file malformed (200), default code: 200

AUS:SVC UpdateService:removeDownloadListener - no downloader!



Now that I see these entries, it looks like that when we had this software packaged and wrapped to be deployed in our environment, the updating capability might have been either stripped out or completely blocked.

-joe
Flags: needinfo?(joe.rauch)

Comment 3

4 years ago
Nick, you have asked for that ^ in a different bug.
Flags: needinfo?(nthomas)
Created attachment 8467357 [details]
Mac screenshot

Thanks for the information Joe. First of all, the "Firefox is up to date" message is a long standing design choice by the Firefox developers, which doesn't work so well when there is a problem checking for updates. The issue here though is the 'invalid security certificate' message.

I don't have a Windows 7 SP1 machine to test on, so I tried to reproduce the problem on my Mac (10.9) - it updated to 24.7.0esr without any issues. Attached is a screenshot showing that 17.0.7esr is quite happy with the chain of certificate authorities.

Possibilities
* Firefox on Windows is looking at the OS certificate store instead of the internal one
* corporate proxy that intercepts https traffic and presents different certs, which aren't in 

If you load the url
 https://aus3.mozilla.org/update/3/Firefox/17.0.7/20130618114625/WINNT_x86-msvc/en-US/esr/Windows_NT%206.1.1.0%20(x64)/default/default/update.xml?force=1
in the location bar, what happens ? Probably Firefox will complain, and may give you a chance to view the certificate and chain of issuers.
Flags: needinfo?(nthomas)
(Reporter)

Comment 5

4 years ago
I went to this url:
https://aus3.mozilla.org/update/3/Firefox/17.0.7/20130618114625/WINNT_x86-msvc/en-US/esr/Windows_NT%206.1.1.0%20%28x64%29/default/default/update.xml?force=1

And after being warned about accepting an unsigned certificate, I was then prompted to authenticate with my domain credentials to some sort of internal WCG that I was unfamiliar with.

Once I authenticated though, my browser displayed this:

<updates><update type="minor" displayVersion="24.7.0esr" appVersion="24.7.0" platformVersion="24.7.0" buildID="20140714155506" detailsURL="https://www.mozilla.com/en-US/firefox/24.7.0/releasenotes/" actions="silent"><patch type="complete" URL="http://download.mozilla.org/?product=firefox-24.7.0esr-complete&os=win&lang=en-US&force=1" hashFunction="SHA512" hashValue="ae8308db834c422e038a2c6dfed76ea0ea5cb07df9e277026d2a20289d6c3a20fee93ff9b662d792ff2e892a9673f85437f3368db7b2493e8aa8f705966e16eb" size="28144363"/></update></updates>
OK, we're making progress. For a user-initiated Check for Updates that you're using, bug 259429 should mean that a prompt for credentials is shown. It's certainly possible that it doesn't cover all styles of authentication. Could you expand on what 'internal WCG' means ?

If you don't need to use that style of authentication for normal Firefox use, including other https sites, then your next stop may be your local IT.
(Reporter)

Comment 7

4 years ago
I have confirmed with our internal network security team that Websense has been configured to block updates for Firefox.  Mystery solved.

Thank you everyone for your help.  I will just proceed to package the newest revision of the ESR.

Issue resolved/closed.
Closing as not a problem in Firefox.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.